Configure log access
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.
If you enable this policy setting, only users whose security descriptor matches the configured value can access the log.
If you disable or do not configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.
Supported on: At least Windows Vista
Log Access
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\Windows\EventLog\System |
| Value Name | ChannelAccess |
| Value Type | REG_SZ |
| Default Value |
eventlog.admx
- Control Panel
- Personalization
- Do not display the lock screen
- Force a specific background and accent color
- Force a specific default lock screen image
- Force a specific Start background
- Prevent changing lock screen image
- Prevent changing start menu background
- Prevent enabling lock screen camera
- Prevent enabling lock screen slide show
- Regional and Language Options
- User Accounts
- Personalization
- Network
- Background Intelligent Transfer Service (BITS)
- Allow BITS Peercaching
- Do not allow the BITS client to use Windows Branch Cache
- Do not allow the computer to act as a BITS Peercaching client
- Do not allow the computer to act as a BITS Peercaching server
- Limit the age of files in the BITS Peercache
- Limit the BITS Peercache size
- Limit the maximum BITS job download time
- Limit the maximum network bandwidth for BITS background transfers
- Limit the maximum network bandwidth used for Peercaching
- Limit the maximum number of BITS jobs for each user
- Limit the maximum number of BITS jobs for this computer
- Limit the maximum number of files allowed in a BITS job
- Limit the maximum number of ranges that can be added to the file in a BITS job
- Set default download behavior for BITS jobs on costed networks
- Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers
- Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers
- Timeout for inactive BITS jobs
- BranchCache
- Configure BranchCache for network files
- Configure Client BranchCache Version Support
- Configure Hosted Cache Servers
- Enable Automatic Hosted Cache Discovery by Service Connection Point
- Set age for segments in the data cache
- Set BranchCache Distributed Cache mode
- Set BranchCache Hosted Cache mode
- Set percentage of disk space used for client computer cache
- Turn on BranchCache
- DirectAccess Client Experience Settings
- DNS Client
- Allow DNS suffix appending to unqualified multi-label name queries
- Allow NetBT queries for fully qualified domain names
- Connection-specific DNS suffix
- DNS servers
- DNS suffix search list
- Dynamic update
- IDN mapping
- Prefer link local responses over DNS when received over a network with higher precedence
- Primary DNS suffix devolution level
- Primary DNS suffix devolution
- Primary DNS suffix
- Register DNS records with connection-specific DNS suffix
- Register PTR records
- Registration refresh interval
- Replace addresses in conflicts
- TTL value for A and PTR records
- Turn off IDN encoding
- Turn off multicast name resolution
- Turn off smart multi-homed name resolution
- Turn off smart protocol reordering
- Update security level
- Update top level domain zones
- Hotspot Authentication
- Lanman Server
- Link-Layer Topology Discovery
- Microsoft Peer-to-Peer Networking Services
- Peer Name Resolution Protocol
- Global Clouds
- Link-Local Clouds
- Site-Local Clouds
- Disable password strength validation for Peer Grouping
- Turn off Microsoft Peer-to-Peer Networking Services
- Peer Name Resolution Protocol
- Network Connections
- Windows Defender Firewall
- Domain Profile
- Windows Defender Firewall: Allow ICMP exceptions
- Windows Defender Firewall: Allow inbound file and printer sharing exception
- Windows Defender Firewall: Allow inbound remote administration exception
- Windows Defender Firewall: Allow inbound Remote Desktop exceptions
- Windows Defender Firewall: Allow inbound UPnP framework exceptions
- Windows Defender Firewall: Allow local port exceptions
- Windows Defender Firewall: Allow local program exceptions
- Windows Defender Firewall: Allow logging
- Windows Defender Firewall: Define inbound port exceptions
- Windows Defender Firewall: Define inbound program exceptions
- Windows Defender Firewall: Do not allow exceptions
- Windows Defender Firewall: Prohibit notifications
- Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests
- Windows Defender Firewall: Protect all network connections
- Standard Profile
- Windows Defender Firewall: Allow ICMP exceptions
- Windows Defender Firewall: Allow inbound file and printer sharing exception
- Windows Defender Firewall: Allow inbound remote administration exception
- Windows Defender Firewall: Allow inbound Remote Desktop exceptions
- Windows Defender Firewall: Allow inbound UPnP framework exceptions
- Windows Defender Firewall: Allow local port exceptions
- Windows Defender Firewall: Allow local program exceptions
- Windows Defender Firewall: Allow logging
- Windows Defender Firewall: Define inbound port exceptions
- Windows Defender Firewall: Define inbound program exceptions
- Windows Defender Firewall: Do not allow exceptions
- Windows Defender Firewall: Prohibit notifications
- Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests
- Windows Defender Firewall: Protect all network connections
- Windows Defender Firewall: Allow authenticated IPsec bypass
- Domain Profile
- Do not show the "local access only" network icon
- Prohibit installation and configuration of Network Bridge on your DNS domain network
- Prohibit use of Internet Connection Firewall on your DNS domain network
- Require domain users to elevate when setting a network's location
- Route all traffic through the internal network
- Windows Defender Firewall
- Network Connectivity Status Indicator
- Network Isolation
- Offline Files
- Action on server disconnect
- Allow or Disallow use of the Offline Files feature
- At logoff, delete local copy of user's offline files
- Configure Background Sync
- Configure slow-link mode
- Configure Slow link speed
- Default cache size
- Enable file screens
- Enable file synchronization on costed networks
- Enable Transparent Caching
- Encrypt the Offline Files cache
- Event logging level
- Files not cached
- Initial reminder balloon lifetime
- Limit disk space used by Offline Files
- Non-default server disconnect actions
- Prevent use of Offline Files folder
- Prohibit user configuration of Offline Files
- Reminder balloon frequency
- Reminder balloon lifetime
- Remove "Make Available Offline" command
- Remove "Make Available Offline" for these files and folders
- Remove "Work offline" command
- Specify administratively assigned Offline Files
- Subfolders always available offline
- Synchronize all offline files before logging off
- Synchronize all offline files when logging on
- Synchronize offline files before suspend
- Turn off reminder balloons
- Turn on economical application of administratively assigned Offline Files
- QoS Packet Scheduler
- DSCP value of conforming packets
- DSCP value of non-conforming packets
- Layer-2 priority value
- Limit outstanding packets
- Limit reservable bandwidth
- Set timer resolution
- SNMP
- SSL Configuration Settings
- TCPIP Settings
- IPv6 Transition Technologies
- Parameters
- Windows Connection Manager
- Windows Connect Now
- WLAN Service
- WLAN Media Cost
- WWAN Service
- WWAN Media Cost
- Sets how often a DFS Client discovers DC's
- Background Intelligent Transfer Service (BITS)
- Printers
- Activate Internet printing
- Add Printer wizard - Network scan page (Managed network)
- Add Printer wizard - Network scan page (Unmanaged network)
- Allow job name in event logs
- Allow printers to be published
- Allow Print Spooler to accept client connections
- Allow pruning of published printers
- Always rasterize content to be printed using a software rasterizer
- Always render print jobs on the server
- Automatically publish new printers in Active Directory
- Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)
- Check published state
- Computer location
- Custom support URL in the Printers folder's left pane
- Directory pruning interval
- Directory pruning priority
- Directory pruning retry
- Disallow installation of printers using kernel-mode drivers
- Do not allow v4 printer drivers to show printer extensions
- Execute print drivers in isolated processes
- Extend Point and Print connection to search Windows Update
- Isolate print drivers from applications
- Log directory pruning retry events
- Only use Package Point and print
- Override print driver execution compatibility setting reported by print driver
- Package Point and print - Approved servers
- Point and Print Restrictions
- Pre-populate printer search location text
- Printer browsing
- Prune printers that are not automatically republished
- Start Menu and Taskbar
- System
- Access-Denied Assistance
- Audit Process Creation
- Credentials Delegation
- Allow delegating default credentials
- Allow delegating default credentials with NTLM-only server authentication
- Allow delegating fresh credentials
- Allow delegating fresh credentials with NTLM-only server authentication
- Allow delegating saved credentials
- Allow delegating saved credentials with NTLM-only server authentication
- Deny delegating default credentials
- Deny delegating fresh credentials
- Deny delegating saved credentials
- Restrict delegation of credentials to remote servers
- Device Installation
- Device Installation Restrictions
- Allow administrators to override Device Installation Restriction policies
- Allow installation of devices that match any of these device IDs
- Allow installation of devices using drivers that match these device setup classes
- Display a custom message title when device installation is prevented by a policy setting
- Display a custom message when installation is prevented by a policy setting
- Prevent installation of devices not described by other policy settings
- Prevent installation of devices that match any of these device IDs
- Prevent installation of devices using drivers that match these device setup classes
- Prevent installation of removable devices
- Time (in seconds) to force reboot when required for policy changes to take effect
- Allow remote access to the Plug and Play interface
- Configure device installation time-out
- Do not send a Windows error report when a generic driver is installed on a device
- Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point
- Prevent device metadata retrieval from the Internet
- Prevent Windows from sending an error report when a device driver requests additional software during installation
- Prioritize all digitally signed drivers equally during the driver ranking and selection process
- Specify search order for device driver source locations
- Specify the search server for device driver updates
- Turn off "Found New Hardware" balloons during device installation
- Device Installation Restrictions
- Device Redirection
- Device Redirection Restrictions
- Disk NV Cache
- Disk Quotas
- Distributed COM
- Application Compatibility Settings
- Driver Installation
- Early Launch Antimalware
- Enhanced Storage Access
- Allow only USB root hub connected Enhanced Storage devices
- Configure list of Enhanced Storage devices usable on your computer
- Configure list of IEEE 1667 silos usable on your computer
- Do not allow non-Enhanced Storage removable devices
- Do not allow password authentication of Enhanced Storage devices
- Do not allow Windows to activate Enhanced Storage devices
- Lock Enhanced Storage when the computer is locked
- File Classification Infrastructure
- Filesystem
- Folder Redirection
- Group Policy
- Logging and tracing
- Configure Applications preference logging and tracing
- Configure Data Sources preference logging and tracing
- Configure Devices preference logging and tracing
- Configure Drive Maps preference logging and tracing
- Configure Environment preference logging and tracing
- Configure Files preference logging and tracing
- Configure Folder Options preference logging and tracing
- Configure Folders preference logging and tracing
- Configure Ini Files preference logging and tracing
- Configure Internet Settings preference logging and tracing
- Configure Local Users and Groups preference logging and tracing
- Configure Network Options preference logging and tracing
- Configure Power Options preference logging and tracing
- Configure Printers preference logging and tracing
- Configure Regional Options preference logging and tracing
- Configure Registry preference logging and tracing
- Configure Scheduled Tasks preference logging and tracing
- Configure Services preference logging and tracing
- Configure Shortcuts preference logging and tracing
- Configure Start Menu preference logging and tracing
- Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
- Allow cross-forest user policy and roaming user profiles
- Always use local ADM files for Group Policy Object Editor
- Change Group Policy processing to run asynchronously when a slow network connection is detected.
- Configure Applications preference extension policy processing
- Configure Data Sources preference extension policy processing
- Configure Devices preference extension policy processing
- Configure Direct Access connections as a fast network connection
- Configure disk quota policy processing
- Configure Drive Maps preference extension policy processing
- Configure EFS recovery policy processing
- Configure Environment preference extension policy processing
- Configure Files preference extension policy processing
- Configure Folder Options preference extension policy processing
- Configure folder redirection policy processing
- Configure Folders preference extension policy processing
- Configure Group Policy Caching
- Configure Group Policy slow link detection
- Configure Ini Files preference extension policy processing
- Configure Internet Explorer Maintenance policy processing
- Configure Internet Settings preference extension policy processing
- Configure IP security policy processing
- Configure Local Users and Groups preference extension policy processing
- Configure Logon Script Delay
- Configure Network Options preference extension policy processing
- Configure Power Options preference extension policy processing
- Configure Printers preference extension policy processing
- Configure Regional Options preference extension policy processing
- Configure registry policy processing
- Configure Registry preference extension policy processing
- Configure Scheduled Tasks preference extension policy processing
- Configure scripts policy processing
- Configure security policy processing
- Configure Services preference extension policy processing
- Configure Shortcuts preference extension policy processing
- Configure software Installation policy processing
- Configure Start Menu preference extension policy processing
- Configure user Group Policy loopback processing mode
- Configure wired policy processing
- Configure wireless policy processing
- Determine if interactive users can generate Resultant Set of Policy data
- Enable AD/DFS domain controller synchronization during policy refresh
- Enable Group Policy Caching for Servers
- Remove users' ability to invoke machine policy refresh
- Set Group Policy refresh interval for computers
- Set Group Policy refresh interval for domain controllers
- Specify startup policy processing wait time
- Specify workplace connectivity wait time for policy processing
- Turn off background refresh of Group Policy
- Turn off Group Policy Client Service AOAC optimization
- Turn off Local Group Policy Objects processing
- Turn off Resultant Set of Policy logging
- Logging and tracing
- Internet Communication Management
- Internet Communication settings
- Turn off access to all Windows Update features
- Turn off access to the Store
- Turn off Automatic Root Certificates Update
- Turn off downloading of print drivers over HTTP
- Turn off Event Viewer "Events.asp" links
- Turn off handwriting personalization data sharing
- Turn off handwriting recognition error reporting
- Turn off Help and Support Center "Did you know?" content
- Turn off Help and Support Center Microsoft Knowledge Base search
- Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
- Turn off Internet download for Web publishing and online ordering wizards
- Turn off Internet File Association service
- Turn off printing over HTTP
- Turn off Registration if URL connection is referring to Microsoft.com
- Turn off Search Companion content file updates
- Turn off the "Order Prints" picture task
- Turn off the "Publish to Web" task for files and folders
- Turn off the Windows Messenger Customer Experience Improvement Program
- Turn off Windows Customer Experience Improvement Program
- Turn off Windows Error Reporting
- Turn off Windows Network Connectivity Status Indicator active tests
- Turn off Windows Update device driver searching
- Restrict Internet communication
- Internet Communication settings
- iSCSI
- General iSCSI
- iSCSI Security
- iSCSI Target Discovery
- KDC
- Kerberos
- Always send compound authentication first
- Define host name-to-Kerberos realm mappings
- Define interoperable Kerberos V5 realm settings
- Disable revocation checking for the SSL certificate of KDC proxy servers
- Fail authentication requests when Kerberos armoring is not available
- Kerberos client support for claims, compound authentication and Kerberos armoring
- Require strict KDC validation
- Require strict target SPN match on remote procedure calls
- Set maximum Kerberos SSPI context token buffer size
- Specify KDC proxy servers for Kerberos clients
- Support compound authentication
- Use forest search order
- Locale Services
- Logon
- Allow users to select when a password is required when resuming from connected standby
- Always use classic logon
- Always use custom logon background
- Always wait for the network at computer startup and logon
- Assign a default domain for logon
- Do not display network selection UI
- Do not display the Getting Started welcome screen at logon
- Do not enumerate connected users on domain-joined computers
- Do not process the legacy run list
- Do not process the run once list
- Enumerate local users on domain-joined computers
- Exclude credential providers
- Hide entry points for Fast User Switching
- Run these programs at user logon
- Show first sign-in animation
- Turn off app notifications on the lock screen
- Turn off picture password sign-in
- Turn off Windows Startup sound
- Turn on PIN sign-in
- Net Logon
- DC Locator DNS Records
- Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
- Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails
- Force Rediscovery Interval
- Return domain controller address type
- Set Priority in the DC Locator DNS SRV records
- Set TTL in the DC Locator DNS Records
- Set Weight in the DC Locator DNS SRV records
- Specify address lookup behavior for DC locator ping
- Specify DC Locator DNS records not registered by the DCs
- Specify dynamic registration of the DC Locator DNS Records
- Specify Refresh Interval of the DC Locator DNS records
- Specify sites covered by the application directory partition DC Locator DNS SRV records
- Specify sites covered by the DC Locator DNS SRV records
- Specify sites covered by the GC Locator DNS SRV Records
- Try Next Closest Site
- Use automated site coverage by the DC Locator DNS SRV Records
- Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.
- Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC
- Allow cryptography algorithms compatible with Windows NT 4.0
- Contact PDC on logon failure
- Set scavenge interval
- Specify expected dial-up delay on logon
- Specify log file debug output level
- Specify maximum log file size
- Specify negative DC Discovery cache setting
- Specify positive periodic DC Cache refresh for non-background callers
- Specify site name
- Use final DC discovery retry setting for background callers
- Use initial DC discovery retry setting for background callers
- Use maximum DC discovery retry interval setting for background callers
- Use positive periodic DC cache refresh for background callers
- Use urgent mode when pinging domain controllers
- DC Locator DNS Records
- Power Management
- Button Settings
- Select the lid switch action (on battery)
- Select the lid switch action (plugged in)
- Select the Power button action (on battery)
- Select the Power button action (plugged in)
- Select the Sleep button action (on battery)
- Select the Sleep button action (plugged in)
- Select the Start menu Power button action (on battery)
- Select the Start menu Power button action (plugged in)
- Hard Disk Settings
- Notification Settings
- Sleep Settings
- Allow applications to prevent automatic sleep (on battery)
- Allow applications to prevent automatic sleep (plugged in)
- Allow automatic sleep with Open Network Files (on battery)
- Allow automatic sleep with Open Network Files (plugged in)
- Allow standby states (S1-S3) when sleeping (on battery)
- Allow standby states (S1-S3) when sleeping (plugged in)
- Require a password when a computer wakes (on battery)
- Require a password when a computer wakes (plugged in)
- Specify the system hibernate timeout (on battery)
- Specify the system hibernate timeout (plugged in)
- Specify the system sleep timeout (on battery)
- Specify the system sleep timeout (plugged in)
- Specify the unattended sleep timeout (on battery)
- Specify the unattended sleep timeout (plugged in)
- Turn off hybrid sleep (on battery)
- Turn off hybrid sleep (plugged in)
- Turn on the ability for applications to prevent sleep transitions (on battery)
- Turn on the ability for applications to prevent sleep transitions (plugged in)
- Video and Display Settings
- Reduce display brightness (on battery)
- Reduce display brightness (plugged in)
- Specify the display dim brightness (on battery)
- Specify the display dim brightness (plugged in)
- Turn off adaptive display timeout (on battery)
- Turn off adaptive display timeout (plugged in)
- Turn off the display (on battery)
- Turn off the display (plugged in)
- Turn on desktop background slideshow (on battery)
- Turn on desktop background slideshow (plugged in)
- Select an active power plan
- Specify a custom active power plan
- Button Settings
- Recovery
- Remote Assistance
- Remote Procedure Call
- Removable Storage Access
- All Removable Storage: Allow direct access in remote sessions
- All Removable Storage classes: Deny all access
- CD and DVD: Deny execute access
- CD and DVD: Deny read access
- CD and DVD: Deny write access
- Custom Classes: Deny read access
- Custom Classes: Deny write access
- Floppy Drives: Deny execute access
- Floppy Drives: Deny read access
- Floppy Drives: Deny write access
- Removable Disks: Deny execute access
- Removable Disks: Deny read access
- Removable Disks: Deny write access
- Tape Drives: Deny execute access
- Tape Drives: Deny read access
- Tape Drives: Deny write access
- Time (in seconds) to force reboot
- WPD Devices: Deny read access
- WPD Devices: Deny write access
- Scripts
- Allow logon scripts when NetBIOS or WINS is disabled
- Maximum wait time for Group Policy scripts
- Run logon scripts synchronously
- Run shutdown scripts visible
- Run startup scripts asynchronously
- Run startup scripts visible
- Run Windows PowerShell scripts first at computer startup, shutdown
- Run Windows PowerShell scripts first at user logon, logoff
- Server Manager
- Shutdown
- Shutdown Options
- System Restore
- Troubleshooting and Diagnostics
- Application Compatibility Diagnostics
- Detect application failures caused by deprecated COM objects
- Detect application failures caused by deprecated Windows DLLs
- Detect application installers that need to be run as administrator
- Detect application install failures
- Detect applications unable to launch installers under UAC
- Detect compatibility issues for applications and drivers
- Notify blocked drivers
- Corrupted File Recovery
- Disk Diagnostic
- Fault Tolerant Heap
- Microsoft Support Diagnostic Tool
- MSI Corrupted File Recovery
- Scheduled Maintenance
- Scripted Diagnostics
- Configure Security Policy for Scripted Diagnostics
- Troubleshooting: Allow users to access and run Troubleshooting Wizards
- Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)
- Windows Boot Performance Diagnostics
- Windows Memory Leak Diagnosis
- Windows Performance PerfTrack
- Windows Resource Exhaustion Detection and Resolution
- Windows Shutdown Performance Diagnostics
- Windows Standby/Resume Performance Diagnostics
- Windows System Responsiveness Performance Diagnostics
- Diagnostics: Configure scenario execution level
- Diagnostics: Configure scenario retention
- Application Compatibility Diagnostics
- Trusted Platform Module Services
- Configure the level of TPM owner authorization information available to the operating system
- Configure the list of blocked TPM commands
- Ignore the default list of blocked TPM commands
- Ignore the local list of blocked TPM commands
- Standard User Individual Lockout Threshold
- Standard User Lockout Duration
- Standard User Total Lockout Threshold
- Turn on TPM backup to Active Directory Domain Services
- User Profiles
- Add the Administrators security group to roaming user profiles
- Control slow network connection timeout for user profiles
- Delete cached copies of roaming profiles
- Delete user profiles older than a specified number of days on system restart
- Disable detection of slow network connections
- Do not check for user ownership of Roaming Profile Folders
- Do not forcefully unload the users registry at user logoff
- Do not log users on with temporary profiles
- Download roaming profiles on primary computers only
- Establish timeout value for dialog boxes
- Leave Windows Installer and Group Policy Software Installation Data
- Maximum retries to unload and update user profile
- Only allow local user profiles
- Prevent Roaming Profile changes from propagating to the server
- Prompt user when a slow network connection is detected
- Set maximum wait time for the network if a user has a roaming user profile or remote home directory
- Set roaming profile path for all users logging onto this computer
- Set the schedule for background upload of a roaming user profile's registry file while user is logged on
- Set user home folder
- Turn off the advertising ID
- User management of sharing user name, account picture, and domain information with apps (not desktop apps)
- Wait for remote user profile
- Windows File Protection
- Windows Time Service
- Activate Shutdown Event Tracker System State Data feature
- Allow Distributed Link Tracking clients to use domain resources
- Display highly detailed status messages
- Display Shutdown Event Tracker
- Do not automatically encrypt files moved to encrypted folders
- Do not display Manage Your Server page at logon
- Do not turn off system power after a Windows system shutdown has occurred.
- Download missing COM components
- Enable Persistent Time Stamp
- Remove Boot / Shutdown / Logon / Logoff status messages
- Restrict potentially unsafe HTML Help functions to specified folders
- Restrict these programs from being launched from Help
- Specify settings for optional component installation and component repair
- Specify Windows installation file location
- Specify Windows Service Pack installation file location
- Turn off Data Execution Prevention for HTML Help Executible
- Windows Components
- ActiveX Installer Service
- Add features to Windows 8.1
- Application Compatibility
- App Package Deployment
- App runtime
- AutoPlay Policies
- Backup
- Biometrics
- BitLocker Drive Encryption
- Fixed Data Drives
- Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
- Choose how BitLocker-protected fixed drives can be recovered
- Configure use of hardware-based encryption for fixed data drives
- Configure use of passwords for fixed data drives
- Configure use of smart cards on fixed data drives
- Deny write access to fixed drives not protected by BitLocker
- Enforce drive encryption type on fixed data drives
- Operating System Drives
- Allow enhanced PINs for startup
- Allow network unlock at startup
- Allow Secure Boot for integrity validation
- Choose how BitLocker-protected operating system drives can be recovered
- Configure minimum PIN length for startup
- Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
- Configure TPM platform validation profile for BIOS-based firmware configurations
- Configure TPM platform validation profile for native UEFI firmware configurations
- Configure use of hardware-based encryption for operating system drives
- Configure use of passwords for operating system drives
- Disallow standard users from changing the PIN or password
- Enable use of BitLocker authentication requiring preboot keyboard input on slates
- Enforce drive encryption type on operating system drives
- Require additional authentication at startup (Windows Server 2008 and Windows Vista)
- Require additional authentication at startup
- Reset platform validation data after BitLocker recovery
- Use enhanced Boot Configuration Data validation profile
- Removable Data Drives
- Allow access to BitLocker-protected removable data drives from earlier versions of Windows
- Choose how BitLocker-protected removable drives can be recovered
- Configure use of hardware-based encryption for removable data drives
- Configure use of passwords for removable data drives
- Configure use of smart cards on removable data drives
- Control use of BitLocker on removable drives
- Deny write access to removable drives not protected by BitLocker
- Enforce drive encryption type on removable data drives
- Choose default folder for recovery password
- Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
- Choose drive encryption method and cipher strength
- Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)
- Prevent memory overwrite on restart
- Provide the unique identifiers for your organization
- Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
- Validate smart card certificate usage rule compliance
- Fixed Data Drives
- Credential User Interface
- Desktop Gadgets
- Desktop Window Manager
- Device and Driver Compatibility
- Digital Locker
- Edge UI
- Event Forwarding
- Event Log Service
- Application
- Security
- Setup
- System
- Event Viewer
- File Explorer
- Previous Versions
- Allow the use of remote paths in file shortcut icons
- Configure Windows Defender SmartScreen
- Disable binding directly to IPropertySetStorage without intermediate layers.
- Do not show the 'new application installed' notification
- Location where all default Library definition files for users/machines reside.
- Set a default associations configuration file
- Set a support web page link
- Show hibernate in the power options menu
- Show lock in the user tile menu
- Show sleep in the power options menu
- Start File Explorer with ribbon minimized
- Turn off Data Execution Prevention for Explorer
- Turn off heap termination on corruption
- Turn off numerical sorting in File Explorer
- Turn off shell protocol protected mode
- Verify old and new Folder Redirection targets point to the same share before redirecting
- File History
- Game Explorer
- HomeGroup
- Internet Explorer
- Accelerators
- Application Compatibility
- Browser menus
- Compatibility View
- Corporate Settings
- Delete Browsing History
- Allow deleting browsing history on exit
- Disable "Configuring History"
- Prevent access to Delete Browsing History
- Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
- Prevent deleting cookies
- Prevent deleting download history
- Prevent deleting favorites site data
- Prevent deleting form data
- Prevent deleting InPrivate Filtering data
- Prevent deleting passwords
- Prevent deleting temporary Internet files
- Prevent deleting websites that the user has visited
- Prevent the deletion of temporary Internet files and cookies
- Internet Control Panel
- Advanced Page
- Allow active content from CDs to run on user machines
- Allow Install On Demand (except Internet Explorer)
- Allow Install On Demand (Internet Explorer)
- Allow Internet Explorer to use the SPDY/3 network protocol
- Allow software to run or install even if the signature is invalid
- Allow third-party browser extensions
- Always send Do Not Track header
- Automatically check for Internet Explorer updates
- Check for server certificate revocation
- Check for signatures on downloaded programs
- Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
- Do not allow resetting Internet Explorer settings
- Do not save encrypted pages to disk
- Empty Temporary Internet Files folder when browser is closed
- Play animations in web pages
- Play sounds in web pages
- Play videos in web pages
- Turn off ClearType
- Turn off encryption support
- Turn off loading websites and content in the background to optimize performance
- Turn off Profile Assistant
- Turn off sending UTF-8 query strings for URLs
- Turn off the flip ahead with page prediction feature
- Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
- Turn on Caret Browsing support
- Turn on Enhanced Protected Mode
- Use HTTP 1.1 through proxy connections
- Use HTTP 1.1
- Content Page
- General Page
- Browsing History
- Allow websites to store application caches on client computers
- Allow websites to store indexed databases on client computers
- Set application caches expiration time limit for individual domains
- Set application cache storage limits for individual domains
- Set default storage limits for websites
- Set indexed database storage limits for individual domains
- Set maximum application cache individual resource size
- Set maximum application cache resource list size
- Set maximum application caches storage limit for all domains
- Set maximum indexed database storage limit for all domains
- Start Internet Explorer with tabs from last browsing session
- Browsing History
- Security Page
- Internet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Intranet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Local Machine Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Internet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Intranet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Local Machine Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Restricted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Trusted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Restricted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Trusted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Internet Zone Template
- Intranet Sites: Include all local (intranet) sites not listed in other zones
- Intranet Sites: Include all network paths (UNCs)
- Intranet Sites: Include all sites that bypass the proxy server
- Intranet Zone Template
- Local Machine Zone Template
- Locked-Down Internet Zone Template
- Locked-Down Intranet Zone Template
- Locked-Down Local Machine Zone Template
- Locked-Down Restricted Sites Zone Template
- Locked-Down Trusted Sites Zone Template
- Restricted Sites Zone Template
- Site to Zone Assignment List
- Trusted Sites Zone Template
- Turn on automatic detection of intranet
- Turn on certificate address mismatch warning
- Turn on Notification bar notification for intranet content
- Internet Zone
- Disable the Advanced page
- Disable the Connections page
- Disable the Content page
- Disable the General page
- Disable the Privacy page
- Disable the Programs page
- Disable the Security page
- Prevent ignoring certificate errors
- Send internationalized domain names
- Use UTF-8 for mailto links
- Advanced Page
- Internet Settings
- Advanced settings
- Browsing
- Multimedia
- Searching
- AutoComplete
- Component Updates
- Help Menu > About Internet Explorer
- Periodic check for updates to Internet Explorer and Internet Tools
- Open Internet Explorer tiles on the desktop
- Set how links are opened in Internet Explorer
- Advanced settings
- Privacy
- Establish InPrivate Filtering threshold
- Establish Tracking Protection threshold
- Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
- Turn off collection of InPrivate Filtering data
- Turn off InPrivate Browsing
- Turn off InPrivate Filtering
- Turn off Tracking Protection
- Security Features
- Add-on Management
- Add-on List
- All Processes
- Deny all add-ons unless specifically allowed in the Add-on List
- Process List
- Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
- Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
- Turn off blocking of outdated ActiveX controls for Internet Explorer
- Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
- Turn on ActiveX control logging in Internet Explorer
- AJAX
- Binary Behavior Security Restriction
- Consistent Mime Handling
- Local Machine Zone Lockdown Security
- Mime Sniffing Safety Feature
- MK Protocol Security Restriction
- Network Protocol Lockdown
- Notification bar
- Object Caching Protection
- Protection From Zone Elevation
- Restrict ActiveX Install
- Restrict File Download
- Scripted Window Security Restrictions
- Do not display the reveal password button
- Turn off Data Execution Prevention
- Turn off Data URI support
- Add-on Management
- Toolbars
- Add a specific list of search providers to the user's list of search providers
- Allow Internet Explorer 8 shutdown behavior
- Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
- Automatically activate newly installed add-ons
- Customize user agent string
- Disable Automatic Install of Internet Explorer components
- Disable changing Automatic Configuration settings
- Disable changing connection settings
- Disable changing secondary home page settings
- Disable Import/Export Settings wizard
- Disable Periodic Check for Internet Explorer software updates
- Disable showing the splash screen
- Disable software update shell notifications on program launch
- Do not allow users to enable or disable add-ons
- Enforce full-screen mode
- Install new versions of Internet Explorer automatically
- Let users turn on and use Enterprise Mode from the Tools menu
- Make proxy settings per-machine (rather than per-user)
- Pop-up allow list
- Prevent "Fix settings" functionality
- Prevent access to Internet Explorer Help
- Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
- Prevent bypassing SmartScreen Filter warnings
- Prevent changing pop-up filter level
- Prevent changing proxy settings
- Prevent changing the default search provider
- Prevent configuration of how windows open
- Prevent configuration of new tab creation
- Prevent Internet Explorer Search box from appearing
- Prevent managing pop-up exception list
- Prevent managing SmartScreen Filter
- Prevent managing the phishing filter
- Prevent participation in the Customer Experience Improvement Program
- Prevent per-user installation of ActiveX controls
- Prevent running First Run wizard
- Restrict search providers to a specific list
- Security Zones: Do not allow users to add/delete sites
- Security Zones: Do not allow users to change policies
- Security Zones: Use only machine settings
- Set tab process growth
- Specify default behavior for a new tab
- Specify use of ActiveX Installer Service for installation of ActiveX controls
- Turn off ability to pin sites in Internet Explorer on the desktop
- Turn off ActiveX Opt-In prompt
- Turn off add-on performance notifications
- Turn off Automatic Crash Recovery
- Turn off browser geolocation
- Turn off configuration of pop-up windows in tabbed browsing
- Turn off Crash Detection
- Turn off Favorites bar
- Turn off Managing SmartScreen Filter for Internet Explorer 8
- Turn off page-zooming functionality
- Turn off pop-up management
- Turn off Quick Tabs functionality
- Turn off Reopen Last Browsing Session
- Turn off suggestions for all user-installed providers
- Turn off tabbed browsing
- Turn off the auto-complete feature for web addresses
- Turn off the quick pick menu
- Turn off the Security Settings Check feature
- Turn on ActiveX Filtering
- Turn on compatibility logging
- Turn on menu bar by default
- Turn on Suggested Sites
- Use the Enterprise Mode IE website list
- Internet Information Services
- Location and Sensors
- Microsoft.Policies.Sensors.WindowsLocationProvider::WindowsLocationProvider
- Turn off location
- Turn off location scripting
- Turn off sensors
- Maintenance Scheduler
- NetMeeting
- Network Access Protection
- Network Projector
- OneDrive
- Online Assistance
- Parental Controls
- Password Synchronization
- Set the interval between synchronization retries for Password Synchronization
- Set the number of synchronization retries for servers running Password Synchronization
- Turn on extensive logging for Password Synchronization
- Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory
- Portable Operating System
- Presentation Settings
- Remote Desktop Services
- RD Licensing
- Remote Desktop Connection Client
- RemoteFX USB Device Redirection
- Allow .rdp files from unknown publishers
- Allow .rdp files from valid publishers and user's default .rdp settings
- Configure server authentication for client
- Do not allow passwords to be saved
- Prompt for credentials on the client computer
- Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
- Turn Off UDP On Client
- Remote Desktop Session Host
- Application Compatibility
- Connections
- Allow remote start of unlisted programs
- Allow users to connect remotely by using Remote Desktop Services
- Automatic reconnection
- Configure keep-alive connection interval
- Deny logoff of an administrator logged in to the console session
- Limit number of connections
- Restrict Remote Desktop Services users to a single Remote Desktop Services session
- Select network detection on the server
- Select RDP transport protocols
- Set rules for remote control of Remote Desktop Services user sessions
- Suspend user sign-in to complete app registration
- Turn off Fair Share CPU Scheduling
- Device and Resource Redirection
- Allow audio and video playback redirection
- Allow audio recording redirection
- Allow time zone redirection
- Do not allow Clipboard redirection
- Do not allow COM port redirection
- Do not allow drive redirection
- Do not allow LPT port redirection
- Do not allow smart card device redirection
- Do not allow supported Plug and Play device redirection
- Limit audio playback quality
- Licensing
- Printer Redirection
- Profiles
- RD Connection Broker
- Remote Session Environment
- RemoteFX for Windows Server 2008 R2
- Allow desktop composition for remote desktop sessions
- Always show desktop on connection
- Configure compression for RemoteFX data
- Configure image quality for RemoteFX Adaptive Graphics
- Configure RemoteFX Adaptive Graphics
- Do not allow font smoothing
- Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
- Enforce Removal of Remote Desktop Wallpaper
- Limit maximum color depth
- Limit maximum display resolution
- Limit number of monitors
- Remove "Disconnect" option from Shut Down dialog
- Remove Windows Security item from Start menu
- Start a program on connection
- Use advanced RemoteFX graphics for RemoteApp
- Use the hardware default graphics adapter for all Remote Desktop Services sessions
- Security
- Always prompt for password upon connection
- Do not allow local administrators to customize permissions
- Require secure RPC communication
- Require use of specific security layer for remote (RDP) connections
- Require user authentication for remote connections by using Network Level Authentication
- Server authentication certificate template
- Set client connection encryption level
- Session Time Limits
- Temporary folders
- RSS Feeds
- Search
- OCR
- Add primary intranet search location
- Add secondary intranet search locations
- Allow indexing of encrypted files
- Allow use of diacritics
- Always use automatic language detection when indexing content and properties
- Control rich previews for attachments
- Default excluded paths
- Default indexed paths
- Disable indexer backoff
- Don't search the web or display web results in Search
- Don't search the web or display web results in Search over metered connections
- Do not allow locations on removable drives to be added to libraries
- Do not allow web search
- Enable indexing of online delegate mailboxes
- Enable indexing uncached Exchange folders
- Enable throttling for online mail indexing
- Indexer data location
- Prevent adding UNC locations to index from Control Panel
- Prevent adding user-specified locations to the All Locations menu
- Prevent clients from querying the index remotely
- Prevent customization of indexed locations in Control Panel
- Prevent indexing certain paths
- Prevent indexing e-mail attachments
- Prevent indexing files in offline files cache
- Prevent indexing Microsoft Office Outlook
- Prevent indexing of certain file types
- Prevent indexing public folders
- Prevent indexing when running on battery power to conserve energy
- Prevent the display of advanced indexing options for Windows Search in the Control Panel
- Prevent unwanted iFilters and protocol handlers
- Preview pane location
- Set large or small icon view in desktop search results
- Set the SafeSearch setting for Search
- Set what information is shared in Search
- Stop indexing in the event of limited hard drive space
- Security Center
- Server for NIS
- Shutdown Options
- Smart Card
- Allow certificates with no extended key usage certificate attribute
- Allow ECC certificates to be used for logon and authentication
- Allow Integrated Unblock screen to be displayed at the time of logon
- Allow signature keys valid for Logon
- Allow time invalid certificates
- Allow user name hint
- Configure root certificate clean up
- Display string when smart card is blocked
- Filter duplicate logon certificates
- Force the reading of all certificates from the smart card
- Notify user of successful smart card driver installation
- Prevent plaintext PINs from being returned by Credential Manager
- Reverse the subject name stored in a certificate when displaying
- Turn on certificate propagation from smart card
- Turn on root certificate propagation from smart card
- Turn on Smart Card Plug and Play service
- Sound Recorder
- Store
- Sync your settings
- Tablet PC
- Accessories
- Cursors
- Hardware Buttons
- Input Panel
- Disable text prediction
- For tablet pen input, don't show the Input Panel icon
- For touch input, don't show the Input Panel icon
- Include rarely used Chinese, Kanji, or Hanja characters
- Prevent Input Panel tab from appearing
- Turn off AutoComplete integration with Input Panel
- Turn off password security in Input Panel
- Turn off tolerant and Z-shaped scratch-out gestures
- Pen Flicks Learning
- Pen UX Behaviors
- Tablet PC Pen Training
- Touch Input
- Task Scheduler
- Windows Calendar
- Windows Color System
- Windows Customer Experience Improvement Program
- Windows Defender
- Client Interface
- Exclusions
- MAPS
- Network Inspection System Exclusions
- Network Inspection System
- Quarantine
- Real-time Protection
- Configure local setting override for monitoring file and program activity on your computer
- Configure local setting override for monitoring for incoming and outgoing file activity
- Configure local setting override for scanning all downloaded files and attachments
- Configure local setting override for turn on behavior monitoring
- Configure local setting override to turn off Intrusion Prevention System
- Configure local setting override to turn on real-time protection
- Configure monitoring for incoming and outgoing file and program activity
- Define the maximum size of downloaded files and attachments to be scanned
- Monitor file and program activity on your computer
- Scan all downloaded files and attachments
- Turn off real-time protection
- Turn on behavior monitoring
- Turn on Information Protection Control
- Turn on network protection against exploits of known vulnerabilities
- Turn on process scanning whenever real-time protection is enabled
- Turn on raw volume write notifications
- Remediation
- Reporting
- Configure time out for detections in critically failed state
- Configure time out for detections in non-critical failed state
- Configure time out for detections in recently remediated state
- Configure time out for detections requiring additional action
- Configure Watson events
- Configure Windows software trace preprocessor components
- Configure WPP tracing level
- Scan
- Allow users to pause scan
- Check for the latest virus and spyware definitions before running a scheduled scan
- Configure local setting override for maximum percentage of CPU utilization
- Configure local setting override for scheduled quick scan time
- Configure local setting override for scheduled scan time
- Configure local setting override for schedule scan day
- Configure local setting override for the scan type to use for a scheduled scan
- Create a system restore point
- Run full scan on mapped network drives
- Scan archive files
- Scan network files
- Scan packed executables
- Scan removable drives
- Specify the day of the week to run a scheduled scan
- Specify the interval to run quick scans per day
- Specify the maximum depth to scan archive files
- Specify the maximum percentage of CPU utilization during a scan
- Specify the maximum size of archive files to be scanned
- Specify the scan type to use for a scheduled scan
- Specify the time for a daily quick scan
- Specify the time of day to run a scheduled scan
- Start the scheduled scan only when computer is on but not in use
- Turn on catch-up full scan
- Turn on catch-up quick scan
- Turn on e-mail scanning
- Turn on heuristics
- Turn on removal of items from scan history folder
- Turn on reparse point scanning
- Signature Updates
- Allow definition updates from Microsoft Update
- Allow definition updates when running on battery power
- Allow notifications to disable definitions based reports to Microsoft MAPS
- Allow real-time definition updates based on reports to Microsoft MAPS
- Check for the latest virus and spyware definitions on startup
- Define the number of days after which a catch-up definition update is required
- Define the number of days before spyware definitions are considered out of date
- Define the number of days before virus definitions are considered out of date
- Define the order of sources for downloading definition updates
- Initiate definition update on startup
- Specify the day of the week to check for definition updates
- Specify the interval to check for definition updates
- Specify the time to check for definition updates
- Turn on scan after signature update
- Threats
- Allow antimalware service to remain running always
- Allow antimalware service to startup with normal priority
- Configure local administrator merge behavior for lists
- Define addresses to bypass proxy server
- Define proxy server for connecting to the network
- Randomize scheduled task times
- Turn off routine remediation
- Turn off Windows Defender
- Windows Error Reporting
- Advanced Error Reporting Settings
- Configure Corporate Windows Error Reporting
- Configure Report Archive
- Configure Report Queue
- Default application reporting settings
- List of applications to always report errors for
- List of applications to be excluded
- List of applications to never report errors for
- Report operating system errors
- Report unplanned shutdown events
- Consent
- Automatically send memory dumps for OS-generated error reports
- Configure Error Reporting
- Disable logging
- Disable Windows Error Reporting
- Display Error Notification
- Do not send additional data
- Do not throttle additional data
- Prevent display of the user interface for critical errors
- Send additional data when on battery power
- Send data when on connected to a restricted/costed network
- Advanced Error Reporting Settings
- Windows Installer
- Allow user control over installs
- Allow users to browse for source while elevated
- Allow users to patch elevated products
- Allow users to use media source while elevated
- Always install with elevated privileges
- Control maximum size of baseline file cache
- Enforce upgrade component rules
- Prevent embedded UI
- Prevent Internet Explorer security prompt for Windows Installer scripts
- Prevent users from using Windows Installer to install updates and upgrades
- Prohibit flyweight patching
- Prohibit non-administrators from applying vendor signed updates
- Prohibit removal of updates
- Prohibit rollback
- Prohibit use of Restart Manager
- Prohibit User Installs
- Remove browse dialog box for new source
- Save copies of transform files in a secure location on workstation
- Specify the types of events Windows Installer records in its transaction log
- Turn off creation of System Restore checkpoints
- Turn off logging via package settings
- Turn off Windows Installer
- Windows Logon Options
- Windows Mail
- Windows Media Center
- Windows Media Digital Rights Management
- Windows Media Player
- Windows Messenger
- Windows Mobility Center
- Windows PowerShell
- Windows Reliability Analysis
- Windows Remote Management (WinRM)
- WinRM Client
- WinRM Service
- Allow Basic authentication
- Allow CredSSP authentication
- Allow remote server management through WinRM
- Allow unencrypted traffic
- Disallow Kerberos authentication
- Disallow Negotiate authentication
- Disallow WinRM from storing RunAs credentials
- Specify channel binding token hardening level
- Turn On Compatibility HTTP Listener
- Turn On Compatibility HTTPS Listener
- Windows Remote Shell
- Windows Update
- Allow Automatic Updates immediate installation
- Allow non-administrators to receive update notifications
- Allow signed updates from an intranet Microsoft update service location
- Always automatically restart at the scheduled time
- Automatic Updates detection frequency
- Configure Automatic Updates
- Delay Restart for scheduled installations
- Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
- Do not connect to any Windows Update Internet locations
- Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
- Enable client-side targeting
- Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
- No auto-restart with logged on users for scheduled automatic updates installations
- Re-prompt for restart with scheduled installations
- Reschedule Automatic Updates scheduled installations
- Specify intranet Microsoft update service location
- Turn on recommended updates via Automatic Updates
- Turn on Software Notifications
- Work Folders
- Workplace Join
- Control Panel
- Add or Remove Programs
- Go directly to Components Wizard
- Hide Add/Remove Windows Components page
- Hide Add New Programs page
- Hide Change or Remove Programs page
- Hide the "Add a program from CD-ROM or floppy disk" option
- Hide the "Add programs from Microsoft" option
- Hide the "Add programs from your network" option
- Hide the Set Program Access and Defaults page
- Remove Add or Remove Programs
- Remove Support Information
- Specify default category for Add New Programs
- Display
- Personalization
- Enable screen saver
- Force a specific visual style file or force Windows Classic
- Force specific screen saver
- Load a specific theme
- Password protect the screen saver
- Prevent changing color and appearance
- Prevent changing color scheme
- Prevent changing desktop background
- Prevent changing desktop icons
- Prevent changing mouse pointers
- Prevent changing screen saver
- Prevent changing sounds
- Prevent changing theme
- Prevent changing visual style for windows and buttons
- Prohibit selection of visual style font size
- Screen saver timeout
- Printers
- Programs
- Regional and Language Options
- Handwriting personalization
- Hide Regional and Language Options administrative options
- Hide the geographic location option
- Hide the select language group options
- Hide user locale selection and customization options
- Restrict selection of Windows menus and dialogs language
- Restricts the UI languages Windows should use for the selected user
- Turn off autocorrect misspelled words
- Turn off highlight misspelled words
- Turn off insert a space after selecting a text prediction
- Turn off offer text predictions as I type
- Always open All Control Panel Items when opening Control Panel
- Hide specified Control Panel items
- Prohibit access to Control Panel and PC settings
- Show only specified Control Panel items
- Add or Remove Programs
- Desktop
- Active Directory
- Desktop
- Don't save settings at exit
- Do not add shares of recently opened documents to Network Locations
- Hide and disable all items on the desktop
- Hide Internet Explorer icon on desktop
- Hide Network Locations icon on desktop
- Prevent adding, dragging, dropping and closing the Taskbar's toolbars
- Prohibit adjusting desktop toolbars
- Prohibit User from manually redirecting Profile Folders
- Remove Computer icon on the desktop
- Remove My Documents icon on the desktop
- Remove Properties from the Computer icon context menu
- Remove Properties from the Documents icon context menu
- Remove Properties from the Recycle Bin context menu
- Remove Recycle Bin icon from desktop
- Remove the Desktop Cleanup Wizard
- Turn off Aero Shake window minimizing mouse gesture
- Network
- Network Connections
- Ability to change properties of an all user remote access connection
- Ability to delete all user remote access connections
- Ability to Enable/Disable a LAN connection
- Ability to rename all user remote access connections
- Ability to rename LAN connections
- Ability to rename LAN connections or remote access connections available to all users
- Enable Windows 2000 Network Connections settings for Administrators
- Prohibit access to properties of a LAN connection
- Prohibit access to properties of components of a LAN connection
- Prohibit access to properties of components of a remote access connection
- Prohibit access to the Advanced Settings item on the Advanced menu
- Prohibit access to the New Connection Wizard
- Prohibit access to the Remote Access Preferences item on the Advanced menu
- Prohibit adding and removing components for a LAN or remote access connection
- Prohibit changing properties of a private remote access connection
- Prohibit connecting and disconnecting a remote access connection
- Prohibit deletion of remote access connections
- Prohibit Enabling/Disabling components of a LAN connection
- Prohibit renaming private remote access connections
- Prohibit TCP/IP advanced configuration
- Prohibit viewing of status for an active connection
- Turn off notifications when a connection has only limited or no connectivity
- Offline Files
- Action on server disconnect
- Event logging level
- Initial reminder balloon lifetime
- Non-default server disconnect actions
- Prevent use of Offline Files folder
- Prohibit user configuration of Offline Files
- Reminder balloon frequency
- Reminder balloon lifetime
- Remove "Make Available Offline" command
- Remove "Make Available Offline" for these files and folders
- Remove "Work offline" command
- Specify administratively assigned Offline Files
- Synchronize all offline files before logging off
- Synchronize all offline files when logging on
- Synchronize offline files before suspend
- Turn off reminder balloons
- Windows Connect Now
- Network Connections
- Start Menu and Taskbar
- Notifications
- Add "Run in Separate Memory Space" check box to Run dialog box
- Add Logoff to the Start Menu
- Add Search Internet link to Start Menu
- Add the Run command to the Start Menu
- Change Start Menu power button
- Clear history of recently opened documents on exit
- Clear history of tile notifications on exit
- Clear the recent programs list for new users
- Do not allow pinning items in Jump Lists
- Do not allow pinning programs to the Taskbar
- Do not allow pinning Store app to the Taskbar
- Do not allow taskbars on more than one display
- Do not display any custom toolbars in the taskbar
- Do not display or track items in Jump Lists from remote locations
- Do not keep history of recently opened documents
- Do not search communications
- Do not search for files
- Do not search Internet
- Do not search programs and Control Panel items
- Do not use the search-based method when resolving shell shortcuts
- Do not use the tracking-based method when resolving shell shortcuts
- Force classic Start Menu
- Go to the desktop instead of Start when signing in
- Gray unavailable Windows Installer programs Start Menu shortcuts
- Hide the notification area
- List desktop apps first in the Apps view
- Lock all taskbar settings
- Lock the Taskbar
- Pin Apps to Start when installed
- Prevent changes to Taskbar and Start Menu Settings
- Prevent grouping of taskbar items
- Prevent users from adding or removing toolbars
- Prevent users from customizing their Start Screen
- Prevent users from moving taskbar to another screen dock location
- Prevent users from rearranging toolbars
- Prevent users from resizing the taskbar
- Prevent users from uninstalling applications from Start
- Remove access to the context menus for the taskbar
- Remove All Programs list from the Start menu
- Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
- Remove Balloon Tips on Start Menu items
- Remove Clock from the system notification area
- Remove common program groups from Start Menu
- Remove Default Programs link from the Start menu.
- Remove Documents icon from Start Menu
- Remove Downloads link from Start Menu
- Remove Favorites menu from Start Menu
- Remove frequent programs list from the Start Menu
- Remove Games link from Start Menu
- Remove Help menu from Start Menu
- Remove Homegroup link from Start Menu
- Remove links and access to Windows Update
- Remove Logoff on the Start Menu
- Remove Music icon from Start Menu
- Remove Network Connections from Start Menu
- Remove Network icon from Start Menu
- Remove Pictures icon from Start Menu
- Remove pinned programs from the Taskbar
- Remove pinned programs list from the Start Menu
- Remove programs on Settings menu
- Remove Recent Items menu from Start Menu
- Remove Recorded TV link from Start Menu
- Remove Run menu from Start Menu
- Remove Search Computer link
- Remove Search link from Start Menu
- Remove See More Results / Search Everywhere link
- Remove the "Undock PC" button from the Start Menu
- Remove the Action Center icon
- Remove the battery meter
- Remove the networking icon
- Remove the volume control icon
- Remove user's folders from the Start Menu
- Remove user folder link from Start Menu
- Remove user name from Start Menu
- Remove Videos link from Start Menu
- Search just apps from the Apps view
- Show "Run as different user" command on Start
- Show QuickLaunch on Taskbar
- Show Start on the display the user is using when they press the Windows logo key
- Show the Apps view automatically when the user goes to Start
- Show Windows Store apps on the taskbar
- Start Screen Layout
- Turn off all balloon notifications
- Turn off automatic promotion of notification icons to the taskbar
- Turn off feature advertisement balloon notifications
- Turn off notification area cleanup
- Turn off taskbar thumbnails
- Turn off user tracking
- System
- Ctrl+Alt+Del Options
- Driver Installation
- Folder Redirection
- Do not automatically make all redirected folders available offline
- Do not automatically make specific redirected folders available offline
- Enable optimized move of contents in Offline Files cache on Folder Redirection server path change
- Redirect folders on primary computers only
- Use localized subfolder names when redirecting Start Menu and My Documents
- Group Policy
- Configure Group Policy domain controller selection
- Configure Group Policy slow link detection
- Create new Group Policy Object links disabled by default
- Determine if interactive users can generate Resultant Set of Policy data
- Enforce Show Policies Only
- Set default name for new Group Policy objects
- Set Group Policy refresh interval for users
- Turn off automatic update of ADM files
- Internet Communication Management
- Internet Communication settings
- Turn off access to the Store
- Turn off downloading of print drivers over HTTP
- Turn off handwriting personalization data sharing
- Turn off handwriting recognition error reporting
- Turn off Help Experience Improvement Program
- Turn off Help Ratings
- Turn off Internet download for Web publishing and online ordering wizards
- Turn off Internet File Association service
- Turn off printing over HTTP
- Turn off the "Order Prints" picture task
- Turn off the "Publish to Web" task for files and folders
- Turn off the Windows Messenger Customer Experience Improvement Program
- Turn off Windows Online
- Restrict Internet communication
- Internet Communication settings
- Locale Services
- Logon
- Power Management
- Removable Storage Access
- All Removable Storage classes: Deny all access
- CD and DVD: Deny read access
- CD and DVD: Deny write access
- Custom Classes: Deny read access
- Custom Classes: Deny write access
- Floppy Drives: Deny read access
- Floppy Drives: Deny write access
- Removable Disks: Deny read access
- Removable Disks: Deny write access
- Tape Drives: Deny read access
- Tape Drives: Deny write access
- Time (in seconds) to force reboot
- WPD Devices: Deny read access
- WPD Devices: Deny write access
- Scripts
- User Profiles
- Century interpretation for Year 2000
- Custom User Interface
- Don't run specified Windows applications
- Do not display the Getting Started welcome screen at logon
- Download missing COM components
- Prevent access to registry editing tools
- Prevent access to the command prompt
- Restrict these programs from being launched from Help
- Run only specified Windows applications
- Windows Automatic Updates
- Windows Components
- Add features to Windows 8.1
- Application Compatibility
- App runtime
- Attachment Manager
- Default risk level for file attachments
- Do not preserve zone information in file attachments
- Hide mechanisms to remove zone information
- Inclusion list for high risk file types
- Inclusion list for low file types
- Inclusion list for moderate risk file types
- Notify antivirus programs when opening attachments
- Trust logic for file attachments
- AutoPlay Policies
- Credential User Interface
- Desktop Gadgets
- Desktop Window Manager
- Digital Locker
- Edge UI
- Disable help tips
- Do not show recent apps when the mouse is pointing to the upper-left corner of the screen
- Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X
- Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen
- Turn off switching between recent apps
- Turn off tracking of app usage
- File Explorer
- Common Open File Dialog
- Explorer Frame Pane
- Previous Versions
- Allow only per user or approved shell extensions
- Disable binding directly to IPropertySetStorage without intermediate layers.
- Disable Known Folders
- Display confirmation dialog when deleting files
- Display the menu bar in File Explorer
- Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon
- Do not display the Welcome Center at user logon
- Do not move deleted files to the Recycle Bin
- Do not request alternate credentials
- Do not track Shell shortcuts during roaming
- Hides the Manage item on the File Explorer context menu
- Hide these specified drives in My Computer
- Location where all default Library definition files for users/machines reside.
- Maximum allowed Recycle Bin size
- Maximum number of recent documents
- No Computers Near Me in Network Locations
- No Entire Network in Network Locations
- Pin Internet search sites to the "Search again" links and the Start menu
- Pin Libraries or Search Connectors to the "Search again" links and the Start menu
- Prevent access to drives from My Computer
- Prevent users from adding files to the root of their Users Files folder.
- Remove "Map Network Drive" and "Disconnect Network Drive"
- Remove CD Burning features
- Remove DFS tab
- Remove File Explorer's default context menu
- Remove File menu from File Explorer
- Remove Hardware tab
- Remove Search button from File Explorer
- Remove Security tab
- Remove the Search the Internet "Search again" link
- Remove UI to change menu animation setting
- Request credentials for network installations
- Start File Explorer with ribbon minimized
- Turn off caching of thumbnail pictures
- Turn off common control and window animations
- Turn off display of recent search entries in the File Explorer search box
- Turn off numerical sorting in File Explorer
- Turn off shell protocol protected mode
- Turn off the caching of thumbnails in hidden thumbs.db files
- Turn off the display of snippets in Content view mode
- Turn off the display of thumbnails and only display icons.
- Turn off the display of thumbnails and only display icons on network folders
- Turn off Windows Key hotkeys
- Turn off Windows Libraries features that rely on indexed file data
- Turn on Classic Shell
- File Revocation
- IME
- Do not include Non-Publishing Standard Glyph in the candidate list
- Restrict character code range of conversion
- Turn off custom dictionary
- Turn off history-based predictive input
- Turn off Internet search integration
- Turn off Open Extended Dictionary
- Turn off saving auto-tuning data to file
- Turn on cloud candidate
- Turn on misconversion logging for misconversion report
- Instant Search
- Internet Explorer
- Accelerators
- Administrator Approved Controls
- Application Compatibility
- Browser menus
- Disable Open in New Window menu option
- Disable Save this program to disk option
- File menu: Disable closing the browser and Explorer windows
- File menu: Disable New menu option
- File menu: Disable Open menu option
- File menu: Disable Save As... menu option
- File menu: Disable Save As Web Page Complete
- Help menu: Remove 'For Netscape Users' menu option
- Help menu: Remove 'Send Feedback' menu option
- Help menu: Remove 'Tip of the Day' menu option
- Help menu: Remove 'Tour' menu option
- Hide Favorites menu
- Tools menu: Disable Internet Options... menu option
- Turn off Print Menu
- Turn off Shortcut Menu
- Turn off the ability to launch report site problems using a menu option
- View menu: Disable Full Screen menu option
- View menu: Disable Source menu option
- Compatibility View
- Delete Browsing History
- Allow deleting browsing history on exit
- Disable "Configuring History"
- Prevent access to Delete Browsing History
- Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
- Prevent deleting cookies
- Prevent deleting download history
- Prevent deleting favorites site data
- Prevent deleting form data
- Prevent deleting InPrivate Filtering data
- Prevent deleting passwords
- Prevent deleting temporary Internet files
- Prevent deleting websites that the user has visited
- Prevent the deletion of temporary Internet files and cookies
- Internet Control Panel
- Advanced Page
- Allow active content from CDs to run on user machines
- Allow Install On Demand (except Internet Explorer)
- Allow Install On Demand (Internet Explorer)
- Allow Internet Explorer to use the SPDY/3 network protocol
- Allow software to run or install even if the signature is invalid
- Allow third-party browser extensions
- Always send Do Not Track header
- Automatically check for Internet Explorer updates
- Check for server certificate revocation
- Check for signatures on downloaded programs
- Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
- Do not allow resetting Internet Explorer settings
- Do not save encrypted pages to disk
- Empty Temporary Internet Files folder when browser is closed
- Play animations in web pages
- Play sounds in web pages
- Play videos in web pages
- Turn off ClearType
- Turn off encryption support
- Turn off loading websites and content in the background to optimize performance
- Turn off Profile Assistant
- Turn off sending UTF-8 query strings for URLs
- Turn off the flip ahead with page prediction feature
- Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
- Turn on Caret Browsing support
- Turn on Enhanced Protected Mode
- Use HTTP 1.1 through proxy connections
- Use HTTP 1.1
- Content Page
- General Page
- Browsing History
- Allow websites to store application caches on client computers
- Allow websites to store indexed databases on client computers
- Set application caches expiration time limit for individual domains
- Set application cache storage limits for individual domains
- Set default storage limits for websites
- Set indexed database storage limits for individual domains
- Set maximum application cache individual resource size
- Set maximum application cache resource list size
- Set maximum application caches storage limit for all domains
- Set maximum indexed database storage limit for all domains
- Start Internet Explorer with tabs from last browsing session
- Browsing History
- Security Page
- Internet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Intranet Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Local Machine Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Internet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Intranet Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Local Machine Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Restricted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Locked-Down Trusted Sites Zone
- Access data sources across domains
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Restricted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Trusted Sites Zone
- Access data sources across domains
- Allow active content over restricted protocols to access my computer
- Allow active scripting
- Allow binary and script behaviors
- Allow cut, copy or paste operations from the clipboard via script
- Allow drag and drop or copy and paste files
- Allow file downloads
- Allow font downloads
- Allow installation of desktop items
- Allow loading of XAML Browser Applications
- Allow loading of XAML files
- Allow loading of XPS files
- Allow META REFRESH
- Allow only approved domains to use ActiveX controls without prompt
- Allow OpenSearch queries in File Explorer
- Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
- Allow script-initiated windows without size or position constraints
- Allow scripting of Internet Explorer WebBrowser controls
- Allow scriptlets
- Allow updates to status bar via script
- Allow video and animation on a webpage that uses an older media player
- Allow websites to open windows without status bar or Address bar
- Allow websites to prompt for information by using scripted windows
- Automatic prompting for ActiveX controls
- Automatic prompting for file downloads
- Display mixed content
- Don't run antimalware programs against ActiveX controls
- Do not prompt for client certificate selection when no certificates or only one certificate exists.
- Download signed ActiveX controls
- Download unsigned ActiveX controls
- Enable dragging of content from different domains across windows
- Enable dragging of content from different domains within a window
- Enable MIME Sniffing
- Include local path when user is uploading files to a server
- Initialize and script ActiveX controls not marked as safe
- Java permissions
- Launching applications and files in an IFRAME
- Logon options
- Render legacy filters
- Run .NET Framework-reliant components not signed with Authenticode
- Run .NET Framework-reliant components signed with Authenticode
- Run ActiveX controls and plugins
- Script ActiveX controls marked safe for scripting
- Scripting of Java applets
- Show security warning for potentially unsafe files
- Software channel permissions
- Submit non-encrypted form data
- Turn off .NET Framework Setup
- Turn off first-run prompt
- Turn on Cross-Site Scripting Filter
- Turn on Protected Mode
- Turn on SmartScreen Filter scan
- Use Pop-up Blocker
- Userdata persistence
- Web sites in less privileged Web content zones can navigate into this zone
- Internet Zone Template
- Intranet Sites: Include all local (intranet) sites not listed in other zones
- Intranet Sites: Include all network paths (UNCs)
- Intranet Sites: Include all sites that bypass the proxy server
- Intranet Zone Template
- Local Machine Zone Template
- Locked-Down Internet Zone Template
- Locked-Down Intranet Zone Template
- Locked-Down Local Machine Zone Template
- Locked-Down Restricted Sites Zone Template
- Locked-Down Trusted Sites Zone Template
- Restricted Sites Zone Template
- Site to Zone Assignment List
- Trusted Sites Zone Template
- Turn on automatic detection of intranet
- Turn on certificate address mismatch warning
- Turn on Notification bar notification for intranet content
- Internet Zone
- Disable the Advanced page
- Disable the Connections page
- Disable the Content page
- Disable the General page
- Disable the Privacy page
- Disable the Programs page
- Disable the Security page
- Prevent ignoring certificate errors
- Send internationalized domain names
- Use UTF-8 for mailto links
- Advanced Page
- Internet Settings
- Advanced settings
- Browsing
- Go to an intranet site for a one-word entry in the Address bar
- Turn off configuring underline links
- Turn off details in messages about Internet connection problems
- Turn off page transitions
- Turn off phone number detection
- Turn off smooth scrolling
- Turn on script debugging
- Turn on the display of script errors
- Internet Connection Wizard Settings
- Multimedia
- Printing
- Searching
- Signup Settings
- Browsing
- AutoComplete
- Display settings
- General Colors
- Link Colors
- Prevent choosing default text size
- URL Encoding
- Open Internet Explorer tiles on the desktop
- Set how links are opened in Internet Explorer
- Advanced settings
- Offline Pages
- Disable adding channels
- Disable adding schedules for offline pages
- Disable all scheduled offline pages
- Disable channel user interface completely
- Disable downloading of site subscription content
- Disable editing and creating of schedule groups
- Disable editing schedules for offline pages
- Disable offline page hit logging
- Disable removing channels
- Disable removing schedules for offline pages
- Subscription Limits
- Persistence Behavior
- Privacy
- Establish InPrivate Filtering threshold
- Establish Tracking Protection threshold
- Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
- Turn off collection of InPrivate Filtering data
- Turn off InPrivate Browsing
- Turn off InPrivate Filtering
- Turn off Tracking Protection
- Security Features
- Add-on Management
- Add-on List
- All Processes
- Deny all add-ons unless specifically allowed in the Add-on List
- Process List
- Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
- Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
- Turn off blocking of outdated ActiveX controls for Internet Explorer
- Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
- Turn on ActiveX control logging in Internet Explorer
- AJAX
- Binary Behavior Security Restriction
- Consistent Mime Handling
- Local Machine Zone Lockdown Security
- Mime Sniffing Safety Feature
- MK Protocol Security Restriction
- Network Protocol Lockdown
- Notification bar
- Object Caching Protection
- Protection From Zone Elevation
- Restrict ActiveX Install
- Restrict File Download
- Scripted Window Security Restrictions
- Do not display the reveal password button
- Turn off Data URI support
- Add-on Management
- Toolbars
- Configure Toolbar Buttons
- Customize command labels
- Disable customizing browser toolbar buttons
- Disable customizing browser toolbars
- Display tabs on a separate row
- Hide the Command bar
- Hide the status bar
- Lock all toolbars
- Lock location of Stop and Refresh buttons
- Turn off Developer Tools
- Turn off toolbar upgrade tool
- Use large icons for command buttons
- Add a specific list of search providers to the user's list of search providers
- Allow Internet Explorer 8 shutdown behavior
- Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
- Automatically activate newly installed add-ons
- Configure Media Explorer Bar
- Configure Outlook Express
- Customize user agent string
- Disable AutoComplete for forms
- Disable caching of Auto-Proxy scripts
- Disable changing accessibility settings
- Disable changing Advanced page settings
- Disable changing Automatic Configuration settings
- Disable changing Calendar and Contact settings
- Disable changing certificate settings
- Disable changing color settings
- Disable changing connection settings
- Disable changing default browser check
- Disable changing font settings
- Disable changing home page settings
- Disable changing language settings
- Disable changing link color settings
- Disable changing Messaging settings
- Disable changing Profile Assistant settings
- Disable changing ratings settings
- Disable changing secondary home page settings
- Disable changing Temporary Internet files settings
- Disable external branding of Internet Explorer
- Disable Import/Export Settings wizard
- Disable Internet Connection wizard
- Disable the Reset Web Settings feature
- Display error message on proxy script download failure
- Do not allow users to enable or disable add-ons
- Enforce full-screen mode
- Identity Manager: Prevent users from using Identities
- Let users turn on and use Enterprise Mode from the Tools menu
- Notify users if Internet Explorer is not the default web browser
- Pop-up allow list
- Prevent "Fix settings" functionality
- Prevent access to Internet Explorer Help
- Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
- Prevent bypassing SmartScreen Filter warnings
- Prevent changing pop-up filter level
- Prevent changing proxy settings
- Prevent changing the default search provider
- Prevent configuration of how windows open
- Prevent configuration of new tab creation
- Prevent Internet Explorer Search box from appearing
- Prevent managing pop-up exception list
- Prevent managing SmartScreen Filter
- Prevent managing the phishing filter
- Prevent participation in the Customer Experience Improvement Program
- Prevent per-user installation of ActiveX controls
- Prevent running First Run wizard
- Restrict search providers to a specific list
- Search: Disable Find Files via F3 within the browser
- Search: Disable Search Customization
- Set tab process growth
- Specify default behavior for a new tab
- Specify use of ActiveX Installer Service for installation of ActiveX controls
- Turn off ability to pin sites in Internet Explorer on the desktop
- Turn off ActiveX Opt-In prompt
- Turn off add-on performance notifications
- Turn off Automatic Crash Recovery
- Turn off browser geolocation
- Turn off configuration of pop-up windows in tabbed browsing
- Turn off Crash Detection
- Turn off Favorites bar
- Turn off Managing SmartScreen Filter for Internet Explorer 8
- Turn off page-zooming functionality
- Turn off pop-up management
- Turn off Quick Tabs functionality
- Turn off Reopen Last Browsing Session
- Turn off suggestions for all user-installed providers
- Turn off tabbed browsing
- Turn off Tab Grouping
- Turn off the auto-complete feature for web addresses
- Turn off the quick pick menu
- Turn off the Security Settings Check feature
- Turn on ActiveX Filtering
- Turn on compatibility logging
- Turn on menu bar by default
- Turn on Suggested Sites
- Turn on the auto-complete feature for user names and passwords on forms
- Use Automatic Detection for dial-up connections
- Use the Enterprise Mode IE website list
- Location and Sensors
- Microsoft Management Console
- Restricted/Permitted snap-ins
- Extension snap-ins
- AppleTalk Routing
- Authorization Manager
- Certification Authority Policy Settings
- Connection Sharing (NAT)
- DCOM Configuration Extension
- Device Manager
- DFS Management Extension
- DHCP Relay Management
- Disk Management Extension
- Event Viewer (Windows Vista)
- Event Viewer
- Extended View (Web View)
- File Server Resource Manager Extension
- IAS Logging
- IGMP Routing
- IP Routing
- IPX RIP Routing
- IPX Routing
- IPX SAP Routing
- Logical and Mapped Drives
- OSPF Routing
- Public Key Policies
- RAS Dialin - User Node
- Remote Access
- Removable Storage
- RIP Routing
- Routing
- Send Console Message
- Service Dependencies
- SMTP Protocol
- SNMP
- Storage Manager for SANS Extension
- System Properties
- Group Policy
- Group Policy snap-in extensions
- Administrative Templates (Computers)
- Administrative Templates (Users)
- Folder Redirection
- Internet Explorer Maintenance
- IP Security Policy Management
- NAP Client Configuration
- Remote Installation Services
- Scripts (Logon/Logoff)
- Scripts (Startup/Shutdown)
- Security Settings
- Software Installation (Computers)
- Software Installation (Users)
- Windows Firewall with Advanced Security
- Wired Network (IEEE 802.3) Policies
- Wireless Network (IEEE 802.11) Policies
- Preference snap-in extensions
- Permit use of Application snap-ins
- Permit use of Applications preference extension
- Permit use of Control Panel Settings (Computers)
- Permit use of Control Panel Settings (Users)
- Permit use of Data Sources preference extension
- Permit use of Devices preference extension
- Permit use of Drive Maps preference extension
- Permit use of Environment preference extension
- Permit use of Files preference extension
- Permit use of Folder Options preference extension
- Permit use of Folders preference extension
- Permit use of Ini Files preference extension
- Permit use of Internet Settings preference extension
- Permit use of Local Users and Groups preference extension
- Permit use of Network Options preference extension
- Permit use of Power Options preference extension
- Permit use of Preferences tab
- Permit use of Printers preference extension
- Permit use of Regional Options preference extension
- Permit use of Registry preference extension
- Permit use of Scheduled Tasks preference extension
- Permit use of Services preference extension
- Permit use of Shortcuts preference extension
- Permit use of Start Menu preference extension
- Resultant Set of Policy snap-in extensions
- Group Policy Management Editor
- Group Policy Management
- Group Policy Object Editor
- Group Policy Starter GPO Editor
- Group Policy tab for Active Directory Tools
- Resultant Set of Policy snap-in
- Group Policy snap-in extensions
- .Net Framework Configuration
- Active Directory Domains and Trusts
- Active Directory Sites and Services
- Active Directory Users and Computers
- ActiveX Control
- ADSI Edit
- Certificates
- Certificate Templates
- Certification Authority
- Component Services
- Computer Management
- Device Manager
- DFS Management
- Disk Defragmenter
- Disk Management
- Distributed File System
- Enterprise PKI
- Event Viewer (Windows Vista)
- Event Viewer
- Failover Clusters Manager
- FAX Service
- File Server Resource Manager
- FrontPage Server Extensions
- Health Registration Authority (HRA)
- Indexing Service
- Internet Authentication Service (IAS)
- Internet Information Services
- IP Security Monitor
- IP Security Policy Management
- Link to Web Address
- Local Users and Groups
- NAP Client Configuration
- Network Policy Server (NPS)
- Online Responder
- Performance Logs and Alerts
- QoS Admission Control
- Remote Desktop Services Configuration
- Remote Desktops
- Removable Storage Management
- Routing and Remote Access
- Security Configuration and Analysis
- Security Templates
- Server Manager
- Services
- Storage Manager for SANs
- System Information
- Telephony
- TPM Management
- Windows Firewall with Advanced Security
- Wireless Monitor
- WMI Control
- Extension snap-ins
- Restrict the user from entering author mode
- Restrict users to the explicitly permitted list of snap-ins
- Restricted/Permitted snap-ins
- NetMeeting
- Application Sharing
- Audio & Video
- Options Page
- Allow persisting automatic acceptance of Calls
- Disable Chat
- Disable Directory services
- Disable NetMeeting 2.x Whiteboard
- Disable Whiteboard
- Enable Automatic Configuration
- Limit the size of sent files
- Prevent adding Directory servers
- Prevent automatic acceptance of Calls
- Prevent changing Call placement method
- Prevent receiving files
- Prevent sending files
- Prevent viewing Web directory
- Set Call Security options
- Set the intranet support Web page
- Network Projector
- Network Sharing
- Presentation Settings
- Remote Desktop Services
- RD Gateway
- RemoteApp and Desktop Connections
- Remote Desktop Connection Client
- Remote Desktop Session Host
- Connections
- Device and Resource Redirection
- Printer Redirection
- Remote Session Environment
- Session Time Limits
- RSS Feeds
- Search
- Sound Recorder
- Store
- Tablet PC
- Accessories
- Cursors
- Hardware Buttons
- Input Panel
- Disable text prediction
- For tablet pen input, don't show the Input Panel icon
- For touch input, don't show the Input Panel icon
- Include rarely used Chinese, Kanji, or Hanja characters
- Prevent Input Panel tab from appearing
- Turn off AutoComplete integration with Input Panel
- Turn off password security in Input Panel
- Turn off tolerant and Z-shaped scratch-out gestures
- Pen Flicks Learning
- Pen UX Behaviors
- Tablet PC Pen Training
- Touch Input
- Task Scheduler
- Windows Calendar
- Windows Color System
- Windows Error Reporting
- Advanced Error Reporting Settings
- Consent
- Automatically send memory dumps for OS-generated error reports
- Disable logging
- Disable Windows Error Reporting
- Do not send additional data
- Do not throttle additional data
- Send additional data when on battery power
- Send data when on connected to a restricted/costed network
- Windows Installer
- Windows Logon Options
- Windows Mail
- Windows Media Center
- Windows Media Player
- Networking
- Playback
- User Interface
- Prevent CD and DVD Media Information Retrieval
- Prevent Music File Media Information Retrieval
- Prevent Radio Station Preset Retrieval
- Windows Messenger
- Windows Mobility Center
- Windows PowerShell
- Windows Update
- Work Folders